Commit e18bb64a authored by Janek Bevendorff's avatar Janek Bevendorff

Add subjectAltName to certificates

parent d4082026
......@@ -50,7 +50,6 @@ eval set -- "${FLAGS_ARGV}"
export MOUNT_DIR
trap "cleanup ${MOUNT_DIR}; exit $?" INT TERM EXIT
CONF="$(dirname $0)/openssl.conf"
......@@ -140,9 +139,9 @@ generate_key() {
# Usage: generate_csr CONF CERT_TYPE KEY_FILE OUT_FILE DEFAULT_SUBJ ORG_UNIT CLIENT_CN CLIENT_FULL_NAME CLIENT_EMAIL
generate_csr() {
logInfo "Generating CSR..."
openssl req -config "$1" -new -key "$3" -out "$4" -reqexts "v3_req_${2}" \
-subj "${5}OU=${6}/CN=${7}/emailAddress=${9}"
# -addext "subjectAltName = otherName:${8}"
openssl req -new -key "$3" -out "$4" -reqexts "v3_req_${2}" \
-subj "${5}OU=${6}/CN=${7}/emailAddress=${9}" -reqexts "SAN" \
-config <(cat "$1" <(printf "\n[SAN]\nsubjectAltName = 'DNS:${8}'"))
}
# Usage: revoke_cert CONF CERT CA_KEY CA_CERT
......@@ -330,11 +329,13 @@ issue() {
CSR="${MOUNT_DIR}/${FLAGS_type}/${cert_filename}.csr"
if [ $FLAGS_overwrite -eq 1 ] && [ -f "$CSR" ]; then
logError "CSR file ${CSR} already exists!"
rm -f "$KEY"
cleanup "$MOUNT_DIR"
exit 1
fi
if ! generate_csr "$CONF" "$FLAGS_type" "$KEY" "$CSR" "$FLAGS_default_subj" "$FLAGS_organizational_unit" "$FLAGS_common_name" "$FLAGS_full_name" "$FLAGS_email"; then
logError "CSR generation failed!"
rm -f "$KEY" "$CSR"
cleanup "$MOUNT_DIR"
exit 1
fi
......@@ -348,6 +349,7 @@ issue() {
logInfo "Signing client certificate..."
if ! sign_csr "$CONF" "$CSR" "$CERT" "$ROOT_KEY" "$ROOT_CERT" "$FLAGS_type"; then
logError "Signing failed!"
rm -f "$KEY" "$CSR" "$CERT"
cleanup "$MOUNT_DIR"
exit 1
fi
......@@ -356,6 +358,7 @@ issue() {
logInfo "Writing .ovpn file..."
ROOT_CA_CERT="$(dirname $ROOT_CERT)/Webis_Root_CA.crt"
if ! generate_ovpn_file "$FLAGS_out" "$CERT" "$ROOT_CERT" "$KEY" $FLAGS_no_password; then
rm -f "$KEY" "$CSR" "$CERT"
cleanup "$MOUNT_DIR"
exit 1
fi
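Review bot: In the new openssl req call in generate_csr (L17-L19) the second `-reqexts "SAN"` silently overrides the earlier `-reqexts "v3_req_${2}"` — openssl req keeps only the last value of that option — so the CSR ends up with the SAN alone and drops whatever the type-specific v3_req section declares. Appending the SAN line to that section instead of a fresh `[SAN]` section avoids the double option (the config reader merges a repeated section header into the existing section, as far as I recall; if that is not relied upon, the appended section must list the type's extensions explicitly), and the user-supplied values should be printf arguments rather than part of the format string, where a `%` in a full name would corrupt the generated config: `openssl req -new -key "$3" -out "$4" -reqexts "v3_req_${2}" \` / `-subj "${5}OU=${6}/CN=${7}/emailAddress=${9}" \` / `-config <(cat "$1" <(printf '\n[v3_req_%s]\nsubjectAltName = DNS:%s\n' "$2" "$8"))`. Note also that `$8` is documented as CLIENT_FULL_NAME, so a `DNS:` entry will carry a display name rather than a host name that TLS clients would match; the commented-out `-addext "subjectAltName = otherName:..."` line suggests otherName was the intended form — confirm which form the consumer expects and drop the dead comment once decided. generate_csr is fully visible in the hunk; the lines at L24 and L47 predate this commit but still use unquoted `$FLAGS_overwrite`/`$FLAGS_no_password`.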
......
......@@ -75,6 +75,7 @@ policy = policy_match
name_opt = ca_default
cert_opt = ca_default
unique_subject = no
copy_extensions = copy
[ policy_match ]
commonName = supplied
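Review bot: `copy_extensions = copy` makes `openssl ca` accept extensions requested in the CSR, which is what carries the new subjectAltName into the certificate, but it also applies to any other extension a CSR asks for unless the CA's own x509_extensions section already defines it (in `copy` mode the config value wins over the CSR's). That section is not in the hunk, so please confirm it pins basicConstraints and keyUsage so those can never be taken from a CSR, and document the intent next to the setting: `# copy_extensions: take subjectAltName from the CSR; basicConstraints/keyUsage stay fixed in the CA's x509_extensions section and are never copied from a request`. This is harmless while the only CSRs signed are the ones generate_csr produces, but it changes the trust boundary if externally supplied CSRs are ever signed with this config.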
......